Salt Security
API security tools
Cloud security software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Salt Security and its alternatives fit your requirements.
Contact the product provider
Free Trial unavailableFree version unavailable
Small
Medium
Large
- Information technology and software
- Media and communications
- Real estate and property management
What is Salt Security
Salt Security is an API security platform focused on discovering APIs, monitoring API traffic, and detecting and preventing API-specific attacks such as abuse, data exposure, and account takeover patterns. It is used by security and application teams to inventory APIs across environments, identify vulnerabilities and misconfigurations, and prioritize remediation based on observed risk. The product emphasizes runtime analysis of API behavior and automated discovery to cover both documented and undocumented APIs.
Automated API discovery
The platform is designed to discover APIs from network traffic and other telemetry, which helps teams identify undocumented or “shadow” APIs. This supports governance and risk assessment when organizations have many teams publishing services independently. It is particularly useful in environments where API inventories are incomplete or change frequently.
Runtime attack detection focus
Salt Security centers on detecting API abuse patterns at runtime, including anomalous usage, credential stuffing-like behavior against APIs, and data exfiltration attempts. This complements pre-production testing by covering issues that only appear under real traffic and attacker behavior. Security teams can use these detections to triage incidents and validate whether an API weakness is being exploited.
API risk prioritization
The product provides risk scoring and prioritization intended to help teams focus on the APIs and endpoints most likely to lead to material impact. This can reduce time spent on low-signal findings compared with approaches that rely only on static specifications or generic web controls. It also supports collaboration by mapping findings to specific APIs and endpoints for remediation workflows.
Requires traffic visibility
Many capabilities depend on access to sufficient API traffic telemetry (for example via gateways, proxies, agents, or mirrored traffic). In low-traffic services or segmented networks, discovery and behavioral baselining can be slower or less complete. Organizations may need additional engineering work to ensure coverage across all environments.
Not a full cloud posture tool
Although it is used in cloud environments, its core scope is API security rather than broad cloud security posture management across infrastructure and identities. Teams typically still need separate tooling for cloud configuration drift, workload posture, and non-API attack surfaces. Buyers evaluating it as “cloud security software” should validate the boundaries of coverage.
Integration and tuning effort
Deployments often require integration with API gateways, SIEM/SOAR, identity providers, and development workflows to operationalize findings. Behavioral detections can require tuning to reduce false positives in complex consumer patterns and partner integrations. This can increase time-to-value for organizations with highly heterogeneous API ecosystems.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Not published / Contact sales | Contact Salt Security for pricing | Salt Security does not publish public subscription or usage pricing on its official website. The vendor offers demos and a free "API Attack Surface Assessment" but product pricing and tiers require contacting Salt sales or requesting a demo. |
Notes: No official pricing page, tier list, or usage-based cost table was found on Salt Security's official website (salt.security). Salt does appear in cloud marketplaces (AWS, Azure, GCP) where contract-based pricing is available, but those marketplace listings show vendor-negotiated contract pricing rather than published list prices on the vendor site.
Seller details
Salt Security, Inc.
Palo Alto, CA, USA
2016
Private
https://salt.security/
https://x.com/SaltSecurity
https://www.linkedin.com/company/salt-security/
